Fortinet: Beware of Android Malware

T.C. Seow | Feb. 1, 2012

According to a recent report from Fortinet’s FortiGuard Labs, a new vulnerability has been discovered that can affect Android phones at the root level.

Android smartphones are becoming more popular but users need to be cautious about malware attacking the Android platform. According to a recent report from Fortinet's FortiGuard Labs, a new vulnerability has been discovered that can affect Android phones at the root level.

FortiGuard Labs found interesting the disparity between the amount of malware found on the Android operating system and that found on iOS, relative to their market share.

"FortiGuard Labs has found approximately five times the amount of malicious families on the Android OS versus what we've found on iOS," said Axelle Apvrille, senior mobile anti-virus researcher at Fortinet. "We believe that this disparity can be attributed to the way Apple handles iOS application development and distribution. Unlike Android, which makes it fairly easy to place applications for people to download, iOS requires developers to undergo some strict screening from Apple before the application can make it to the Apple Store. That's not to say that Apple is totally immune from being infiltrated by malware - the Eeki banking worm proves that, but it is a testament to why we're seeing so little activity on the iOS platform."

But Android's higher market share and open development environment come with a price, Fortinet believes, as there is an almost six-fold increase in malware targeting the operating system. FortiGuard Labs have seen a 90 percent increase in Android malware families in 2011 compared to 2010, while malicious iOS families only increased by 25 percent, Apvrille said.

The Top 5 malware families for which FortiGuard Labs have received the most samples in 2011 are:

Geinimi: Android's first botnet, which sends a victim's geographic location and controls his/her phone remotely. For example, Geinimi can force the infected phone to call a given phone number.

Hongtoutou: A Trojan live wallpaper that steals private information such as the victim's subscriber number (IMSI) and automatically visits Websites that the malware directs it to.

DroidKungFu: Another botnet that has multiple capabilities such as remotely installing other malware, remotely starting specific applications and adding bookmarks.

The aforementioned malware and more are detected by Fortinet's antivirus engine. It should also be noted that malware such as BaseBridge was available on the Android Market but was later removed. Malicious software often tries to pass itself off as a genuine application, although malware has also been found within legitimate applications that it has infected.

"DroidKungFu was an example of malware that was found repackaged in a legitimate VPN utility, whereas Geinimi was found within the legitimate application 'Sex Positions,'" said Karine de Ponteves, malware analyst at Fortinet.